Missing Secure Attribute in an Encrypted Ses

8/26/2009 1:24 pm, Eric Mittman

I have done some digging on this and here is what I have found. By default the cookies toolkit does not set the secure bit for cookies. However, if you use PHP you can do a quick update to set it this way. Here is an example of the set cookie code for PHP:

setcookie("secure_cookie", "1111", time()+(60*60*24*30), "/", "", 0);

It is this final 0 that makes the cookie secure; you can just update it so this last 0 is set to one, like this:

setcookie("secure_cookie", "1111", time()+(60*60*24*30), "/", "", 1);

I did some testing with this and the cookie will not show on an http connection if it has the secure flag set like this.

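One way to confirm the change described in the post above, added here as an example and not part of the original post: a Python check that reads a block of response headers and lists the cookies sent without the Secure attribute. It inspects only the attributes after the first semicolon, because a plain substring search for "secure" would wrongly pass the cookie named secure_cookie. The function names are hypothetical and the sample headers are constructed for illustration.

```python
from typing import List, Set, Tuple


def parse_set_cookie(header_value: str) -> Tuple[str, Set[str]]:
    """Return (cookie name, set of lowercased attribute names)."""
    parts = header_value.split(";")
    # The first segment is always name=value; it is never an attribute.
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p.strip()}
    return name, attrs


def cookies_missing_secure(raw_headers: str) -> List[str]:
    """Names of cookies in a raw header block that lack the Secure attribute."""
    missing = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            missing.append(name)
    return missing


# Constructed sample: headers as they might look with the final argument 0.
SAMPLE_BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: secure_cookie=1111; expires=Fri, 25-Sep-2009 20:24:00 GMT; path=/\r\n"
)

# Constructed sample: the same cookie with the final argument 1, plus a
# second cookie whose value (not attribute) happens to be "secure".
SAMPLE_AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: secure_cookie=1111; expires=Fri, 25-Sep-2009 20:24:00 GMT; path=/; secure\r\n"
    "Set-Cookie: mode=secure; path=/\r\n"
)

if __name__ == "__main__":
    print("before:", cookies_missing_secure(SAMPLE_BEFORE))
    print("after: ", cookies_missing_secure(SAMPLE_AFTER))
```
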
